Preying on fear and our crucial need for any and all updates regarding the Coronavirus, cyber attackers and ransomware gangs have found their niche. Unique phishing campaigns designed to frighten us into a no-questions-asked “click” on a link that could devastate our offices and networks. Especially Hospitals.
Microsoft has recently “issued its first-ever targeted warning to several dozen hospitals, alerting them to vulnerabilities in their virtual private network (VPN) appliances after spotting a ransomware gang targeting them.”
The Iranian ransomware gang has been targeting hospitals with VPN servers (Pule Secure, Palo Alto Networks, Fortinet, and Citrix) that have exploitable vulnerabilities.
With the world in different stages of lock-down, ZDNet notes that “companies are relying on VPN servers more than ever to support remote workers, making that part of the network a soft spot for ransomware attackers to hit – in particular at hospitals with already strained resources.”
Last month the Department of Homeland Security’s Cybersecurity and Infrastructure Agency warned ALL organizations to “patch VPN services” however, Microsoft is worried in particular for hospitals’ “vulnerability to human-operated ransomware due to unpatched VPN servers.”
Microsoft’s Threat Protection Intelligence Team was able to identify several dozens of hospitals that could fall victim to this threat by the ransomware gang known as REvil (aka Sodinokibi), and issued a “first-of-its-kind targeted notification with important information about the vulnerabilities.”
Included in the notification was a strong warning to apply security updates that will protect their facilities from exploits.
REvil is known for “making massive ransom demands on businesses and government agencies,” and is not using new techniques to target hospitals with vulnerabilities. Instead, the ransomware gang is re-purposing old techniques and using “social engineering tactics tailored to prey on people’s fears and urgent need for information,” according to Microsoft’s Intelligence team.
Microsoft warns groups like REvil are a serious threat because they are run by IT pros who “are very familiar with systems administration and common network security misconfigurations that often aren’t treated as urgent to fix.”
Microsoft’s advice to all organizations (hospitals included), is listed below in three key steps “to protect VPN services from attacks”:
If you need help with Managed IT and Managed Security Services contact DarkHound at [email protected].
Image Source: https://www.pexels.com/photo/grey-and-black-macbook-pro-showing-vpn-2064586/